Since Exchange Server 2016 CU21 and Exchange Server 2019 CU10, users have complained about Outlook problems. The Outlook application freezes, and nothing helps until Internet Information Services or the Exchange Server is completely restarted. However, when the users use Outlook Web Access (OWA), everything works fine. Let’s look at why this happens, and why it affects Outlook clients in particular.
Exchange Server AMSI integration
The Antimalware Scan Interface (AMSI) is a versatile interface standard that allows your applications and services to integrate with any antimalware product that’s present on a machine. AMSI provides enhanced malware protection for your end-users and their data, applications, and workloads.
Microsoft introduced AMSI integration in these Exchange Server CUs:
Disable AMSI in security product
AMSI integration does not work well with some security products installed on the Exchange Server. Disable AMSI in the security product and restart the Exchange Server.
Not every security product causes these Outlook performance problems. So far, we have seen them with Sophos and McAfee. Disable AMSI within the security product temporarily and check if that helps.
Below you can find an example of how to disable AMSI Protection in Sophos.
AMSI on Exchange Server
What if you want to revert to how it was? Everything was working fine all the time, and now, with Exchange Server 2016 CU21 / Exchange Server 2019 CU10 or higher, it’s not working as you expect. Is there a way to disable the AMSI integration on the Exchange Server instead of disabling AMSI in the security product? Yes, you can.
You can disable AMSI on the Exchange Server with PowerShell. You can use a PowerShell script or run the commands manually. Note that you need to run Exchange Management Shell as administrator.
After you disable or enable AMSI, you have to restart Internet Information Services (IIS) on the machine, which will disrupt connectivity. Make sure to do this when there will be no impact on the server or during a maintenance period.
Disable AMSI with PowerShell script
An excellent way to disable Windows AMSI is to download the Test-AMSI.ps1 PowerShell script provided by Microsoft. The script has a great set of features.
Place the Test-AMSI.ps1 PowerShell script in the C:\scripts folder on the Exchange Server. If you don’t have a scripts folder, create one. Make sure the file is unblocked to prevent any errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Run both commands to disable AMSI on the Exchange Server.
[PS] C:\scripts>.\Test-AMSI.ps1 -DisableAMSI
[PS] C:\scripts>.\Test-AMSI.ps1 -RestartIIS
Run these two commands to enable AMSI on the Exchange Server.
[PS] C:\scripts>.\Test-AMSI.ps1 -EnableAMSI
[PS] C:\scripts>.\Test-AMSI.ps1 -RestartIIS
Disable AMSI with PowerShell
If you want to run the commands manually without the PowerShell script, run these three commands to create a new server override.
[PS] C:\>New-SettingOverride -Name DisablingAMSIScan -Component Cafe -Section HttpRequestFiltering -Parameters ("Enabled=False") -Reason "Testing"
[PS] C:\>Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
[PS] C:\>Restart-Service -Name W3SVC, WAS -Force
Once your testing is complete, re-enable the AMSI integration. Run the commands to remove the setting override.
[PS] C:\>Remove-SettingOverride -Identity DisablingAMSIScan -Confirm:$false
[PS] C:\>Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
[PS] C:\>Restart-Service -Name W3SVC, WAS -Force
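To confirm that no override disabling AMSI is left in place once testing is done, a check like the following can be run in Exchange Management Shell. This is an added example, not part of the original article or of Microsoft's Test-AMSI.ps1; the function name Get-AmsiDisableOverride is hypothetical, and the property names ComponentName, SectionName, Parameters, Reason and Server are assumed from the Get-SettingOverride output.

```powershell
# Added example: report setting overrides that turn off Exchange's AMSI
# request scanning (Component Cafe, Section HttpRequestFiltering).
# Run in Exchange Management Shell as administrator.
# Assumption: Get-SettingOverride returns objects exposing Name, ComponentName,
# SectionName, Parameters, Reason and Server.

function Get-AmsiDisableOverride {
    [CmdletBinding()]
    param()

    Get-SettingOverride |
        Where-Object {
            $_.ComponentName -eq 'Cafe' -and
            $_.SectionName  -eq 'HttpRequestFiltering'
        } |
        ForEach-Object {
            $override = $_

            # Parameters is multi-valued ("Enabled=False"); compare key and
            # value case-insensitively and ignore surrounding whitespace.
            $disables = $false
            foreach ($p in @($override.Parameters)) {
                $pair = "$p" -split '=', 2
                if ($pair.Count -eq 2 -and
                    $pair[0].Trim() -ieq 'Enabled' -and
                    $pair[1].Trim() -ieq 'False') { $disables = $true }
            }

            # An override without a server list applies to every Exchange server.
            $servers = @($override.Server | Where-Object { $_ })

            [pscustomobject]@{
                Name         = $override.Name
                DisablesAmsi = $disables
                Scope        = if ($servers.Count -gt 0) { $servers -join ', ' } else { 'All servers' }
                Reason       = $override.Reason
            }
        }
}

$found = @(Get-AmsiDisableOverride | Where-Object { $_.DisablesAmsi })
if ($found.Count -eq 0) {
    Write-Host 'No setting override disables AMSI scanning.'
} else {
    Write-Warning "$($found.Count) setting override(s) disable AMSI scanning:"
    $found | Format-Table Name, Scope, Reason -AutoSize
}
```

An override that is still listed after testing can be removed with the Remove-SettingOverride commands shown above.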
Do you get complaints from users that Outlook is freezing, and did you by any chance upgrade to Exchange Server 2016 CU21, Exchange Server 2019 CU10, or later? Check the security product on the Exchange Server and disable AMSI integration within the security product. If that’s not an option and you want to disable the newly introduced AMSI feature on the Exchange Server, run the PowerShell script or commands to disable AMSI.